Step-by-Step Malware Removal Instructions

Proton Ransomware
Ransomware

Proton is ransomware that our team discovered on VirusTotal while checking the page for recently submitted malware samples. We found that Proton encrypts files, appends the kigatsu@tutanota.com email address, the victim's ID, and, depending on the variant, the ".Proton" or ".kigatsu" extension to filename

Rorschach Ransomware
Ransomware

Rorschach (also known as BabLock) is ransomware that encrypts files. The attackers aim at small and medium-sized businesses as well as industrial companies. Along with encrypting data, Rorschach also adds a random string of characters and a two-digit number (ranging from 00 to 98) to the end of fi

Sports Engine Browser Hijacker
Browser Hijacker

While examining the Sports Engine browser extension, we found that it hijacks a web browser by changing its settings. The purpose of this browser-hijacking app is to promote a fake search engine (sportengine.info). Additionally, Sports Engine can read certain data. Once added, the Sports E

Security Breach - Stolen Data Email Scam
Phishing/Scam

Upon scrutinizing this email, we have ascertained that it is a fraudulent extortion letter. This phishing campaign comprises at least two versions of the letter, with the perpetrators employing the names of well-known cybercriminals to intimidate and lend credibility to their threats. T

Messages Are Restrained Due To Low Bandwidth Email Scam
Phishing/Scam

After reviewing this email, we determined that it is a phishing letter masquerading as a notification from an email service regarding mail delivery status. There are at least two variants of this letter in the phishing campaign. Scammers use both of them to lure unsuspecting recipients into provid

Self-Extracting Archive (SFX) Malware
Trojan

Self-extracting (SFX) archive files have traditionally been used to share compressed data with individuals who do not have the software to unpack and view the contents of a standard archive file. Nevertheless, these files can harbor covert malicious functionality that is not readily apparent to us

Predator Spyware (Android)
Trojan

Predator is the name of spyware (malicious software) targeting Android users. Between August and October 2021, the attackers utilized zero-day exploits that targeted Chrome and the Android OS to install Predator spyware implants on Android devices, even those that were fully up-to-date. It

Lepigthree.xyz Ads
Notification Spam

While examining lepigthree[.]xyz, we noticed that it wants to show untrustworthy notifications. Lepigthree[.]xyz displays a deceptive message to lure visitors into agreeing to receive its notifications. We discovered lepigthree[.]xyz while inspecting other dubious websites. Lepigthree[.]xy

Andrew Tate Crypto Giveaway Scam
Phishing/Scam

Upon investigating this scam, we have determined that it is a classic crypto giveaway scam that purports to be orchestrated by a public figure (in this instance, Andrew Tate). The scammers' objective behind it is to dupe unsuspecting individuals into transferring their cryptocurrency funds. It is

Critical Threat Detected: Adware App POP-UP Scam
Phishing/Scam

While examining this scam, our team learned that it is a technical support scam delivered by a deceptive website designed to trick unsuspecting visitors into calling a fake number (contacting scammers). This scam page displays multiple fake messages urging visitors to take immediate action. Typica